Comment by yjftsjthsd-h

> On the one hand, you can make the argument that Google "ought" to allow Graphene into this program, because they have at least as good operating system security and hardware attestation as first-party android distributions. On the other hand: doing so would effectively mean Google is now a responsible party in the security processes and posture of Graphene; which isn't only a level of responsibility Google likely does not want, its a level of responsibility Graphene is unlikely to grant or agree to.

Is Google responsible for the security posture of any other vendor? If not, why would this be any different?